[libvirt] [PATCH] xend: Don't crash in virDomainXMLDevID

Ján Tomko jtomko at redhat.com
Fri Jan 30 10:12:06 UTC 2015 

On Fri, Jan 30, 2015 at 10:53:09AM +0100, Michal Privoznik wrote:
> The function is called from all {Attach,Update,Detach}Device APIs to
> create config strings that are later passed to the xend to perform the
> desired action. The function is intended to handle all supported
> devices. However, as of 5b05358abacb1029fa0d61f72decacf0d4fd8ffb we
> are trying to get disk driver of the device without checking if the
> device really is a disk. This leads to an segmentation fault:
> 
>   #0 0x00007ffff7571815 in virDomainDiskGetDriver () from /usr/lib/libvirt.so.0
>   #1 0x00007fffeb9ad471 in ?? () from /usr/lib/libvirt/connection-driver/libvirt_driver_xen.so
>   #2 0x00007fffeb9b1062 in xenDaemonAttachDeviceFlags () from /usr/lib/libvirt/connection-driver/libvirt_driver_xen.so
>   #3 0x00007fffeb9a8a86 in ?? () from /usr/lib/libvirt/connection-driver/libvirt_driver_xen.so
>   #4 0x00007ffff7609266 in virDomainAttachDevice () from /usr/lib/libvirt.so.0
>   #5 0x0000555555593c9d in ?? ()
>   #6 0x00007ffff76743c9 in virNetServerProgramDispatch () from /usr/lib/libvirt.so.0
>   #7 0x00005555555a678d in ?? ()
>   #8 0x00007ffff755460e in ?? () from /usr/lib/libvirt.so.0
>   #9 0x00007ffff7553b06 in ?? () from /usr/lib/libvirt.so.0
>   #10 0x00007ffff4998b50 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
>   #11 0x00007ffff46e30ed in clone () from /lib/x86_64-linux-gnu/libc.so.6
>   #12 0x0000000000000000 in ?? ()
> 
> Reported-by: Xiaolin Su <linxxnil at 126.com>
> Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
> ---
>  src/xen/xend_internal.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 

ACK

It would be nice if you could push it to v1.2.9-maint as well.

Jan

> diff --git a/src/xen/xend_internal.c b/src/xen/xend_internal.c
> index a51cb20..c2b9098 100644
> --- a/src/xen/xend_internal.c
> +++ b/src/xen/xend_internal.c
> @@ -3329,9 +3329,10 @@ virDomainXMLDevID(virConnectPtr conn,
>      xenUnifiedPrivatePtr priv = conn->privateData;
>      char *xref;
>      char *tmp;
> -    const char *driver = virDomainDiskGetDriver(dev->data.disk);
>  
>      if (dev->type == VIR_DOMAIN_DEVICE_DISK) {
> +        const char *driver = virDomainDiskGetDriver(dev->data.disk);
> +
>          if (STREQ_NULLABLE(driver, "tap") || STREQ_NULLABLE(driver, "tap2"))
>              strcpy(class, driver);
>          else
> -- 
> 2.0.5
> 
> --
> libvir-list mailing list
> libvir-list at redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20150130/99a9b84d/attachment-0001.sig>

More information about the libvir-list mailing list